How to use DomainKeys Signature and DKIM Signature

DomainKeys is a technology proposal that can bring black and white back to this
decision process by giving email providers a mechanism for verifying both the domain
of each email sender and the integrity of the messages sent. To learn more detail
about DomainKeys, please refer to http://antispam.yahoo.com/domainkeys

DKIM is a similar technology as Domainkeys. To learn more detail about DKIM, please
refer to RFC4871.

Now, EASendMail provides a way to add DomainKeys signature and DKIM signature to
your email.

How DomainKeys/DKIM works?

DomainKeys/DKIM combines of a public key cryptography and a DNS to provide credible
domain-level authentication for email.

When an email claims to originate from a certain domain, DomainKeys/DKIM provides
a mechanism by which the recipient system can credibly determine that the email
did in fact originate from a person or system authorized to send email for that
domain.

Therefore, to sign an email with DomainKeys/DKIM, you MUST have a private key/pulic
key pair for email signing.

Make key-pair certificate

First of all, we need to generate a certificate which contains public key/private
key. We can use MakeCert.exe (.NET Framework Tools) to generate certificate like
this:

To sign the DomainKeys with EASendMail, we need to create a text file with notepad.
and save it.

If you get certificate by MakeCert.exe, please use the following syntax

For example:
We create a adminsystemdomainkeys.txt and contains the following content.
dk_d: adminsystem.com
dk_s: s1024
CertStore: machine
CertStoreName: my
CertSubjectName: mydomainkeys
// dk_d is the email sender domain,
// dk_s is the domain public key selector.
// CertSubjectName is the keyword in certificate subject.
// If you want to disable DKIM or DomainKeys, you can add
// DKIM:no
// or
// DomainKey:no

If you get certificate by online tool, please use the following syntax

// then the adminsystemdomainkeys.txt should contain the following content
dk_d: adminsystem.com
dk_s: s1024
PFXPath: c:\my cert\adminsystem.pfx
PFXPassword: mypassword
dk_d is the email sender domain,
// dk_s is the domain public key selector.
// PFXPath is the PFX file full path.
// PFXPassword is the PFX file password.
// If you want to disable DKIM or DomainKeys, you can add
// DKIM:no
// or
// DomainKey:no

Once you get the public key, you should set a TXT record in your domain DNS server.
For example: your selector is s1024, your domain is adminsystem.com, then you should
create a TXT record for s1024._domainkey.adminsystem.com and set the following content
in the record.